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Remarks 

Claims 1, 2, 5, 7-9, 11-17, 20-25, and 29-32 are pending. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

1. Claims 1, 2, 5, 7-9, 11-17, 20, 23, 24, and 29-31 are rejected under 35 
U;S.C. 102(b) as being anticipated by O'Neil (U.S. Patent 5,987,440). 
Regarding Claim 1, 

O'Neil discloses an arrangement for protection of end user personal 
profile data in a communication system including a number of end user 
stations and a number of service/information/content providers or holding 
means holding end user personal profile data comprising: 

An intermediate proxy server supporting a first communication 
protocol for end user station communication (Column 5, line 26 to Column 
6, line 6; Column 15, line 54 to Column 16, line 6; and Figure 2); 

Means for providing published certificates (Column 6, lines 7-23); 
A personal profile data protection server supporting a second 
communication protocol for communication with the intermediary proxy 
server and a third communication protocol for communication with one of 
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the service/information/content providers, the personal profile data 
protection server further comprises an API allowing 
service/information/content provider queries/interactions, and storing 
means for storing of end user specific data and end user personal profile 
data (Column 17, lines 14-42; Column 41, line 31 to Column 42, line 31; 
and Column 45, line 53 to Column 46, line 46); and 

Wherein the intermediary proxy server further comprises means for 
verifying the genuinity of a certificate requested over the second 
communication protocol from the personal profile protection server against 
a published certificate and in that the service/information/content server 
can request, via the API, personal profile data and in that personal profile 
data is delivered according to end user preferences or in such a manner 
that there is no association between the actual end user and the personal 
profile data of the end user (Column 4, lines 25-40; Column 39, lines 40- 
50; Column 40, line 37 to Column 41 , line 6; and Column 41 , line 31 to 
Column 42, line 31). 

Regarding Claim 2, 

O'Neil discloses that the first communications protocol is a secure 
protocol (Column 4, lines 25-40). 

Regarding Claim 5, 

O'Neil discloses that the second communication protocol is a 
secure protocol (Column 4, lines 25-40). 



Application/Control Number: 10/603,447 Page 4 

Art Unit: 2137 

Regarding Claim 7, 

O'Neil discloses that the intermediary proxy server is an HTTP 
proxy (Column 40, line 59 to Column 41, line 37). 
Regarding Claim 8, 

O'Neil discloses that the intermediary proxy server comprises 
holding means for holding published certificates (Column 16, lines 7-35). 
Regarding Claim 9, 

O'Neil discloses that the intermediary proxy server is in 
communication with external holding means holding published certificates 
(Column 6, lines 7-23). 
Regarding Claim 11, 

O'Neil discloses that the intermediary proxy server is located within 
an intranet or at an operator's premises (Column 5, line 26 to Column 6, 
line 6; Column 15, line 54 to Column 16, line 6; and Figure 2). 
Regarding Claim 12, 

O'Neil discloses that the intermediary proxy server comprises a 
functionality for establishing a security communication agreement with the 
protection server (Column 4, lines 25-40). 
Regarding Claim 13, 

O'Neil discloses that the user preferences are stored in the end 
user station (Column 5, line 26 to Column 6, line 6; and Column 6, lines 
53-64). 
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Regarding Claim 14, 

O'Neil discloses that the user preferences relating to privacy level 
are stored in the intermediary proxy server (Column 35, lines 18-31 and 
Column 47, line 48 to Column 48, line 34). 
Regarding Claim 15, 

O'Neil discloses that the user preferences relating to privacy level 
are stored in separate fast access storing means after completion of the 
security communication agreement (Column 20, lines 38-50; and Column 
24, lines 19-25). 
Regarding Claim 16, 

O'Neil discloses that the protection server comprises an API 
allowing service/information/content provider control of site and page 
policies, and in that if the end user privacy level is increased, data below 
the privacy level is deleted (Column 12, line 32 to Column 13, line 3). 
Regarding Claim 17, 

O'Neil discloses that the protection server provides certificates, and 
preferably signatures upon request by the. intermediary proxy server 
(Column 4, lines 25-40; Column 39, lines 40-50; Column 40, line 37 to 
Column 41, line 6; and Column 41, line 31 to Column 42, line 31). 
Regarding Claim 20, 

O'Neil discloses that the protection server storing means comprises 
at least three tables containing information about end user specific data, 
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personal profile data information and statistical data respectively (Column 
17, line 14 to Column 18, line 42; and Column 54, line 44 to Column 55, 
line 45). 
Regarding Claim 23, 

O'Neil discloses a method for protection of end user personal 
profile data in a communication system with a number of end user stations 
and a number of service/information/content providers, comprising the 
steps of: 

Registering a certificate for an end user personal profile protection 
server with a trusted third party (Column 6, lines 7-23); 

Providing a request for the certificate from an intermediary proxy 
server in communication with an end user station using a first 
communication protocol, to the protection server over a second 
communication protocol (Column 4, lines 25-40; Column 39, lines 40-50; 
Column 40, line 37 to Column 41, line 6; and Column 41, line 31 to 
Column 42, line 31); 

Providing a response from the protection server to the intermediary 
proxy server (Column 4, lines 25-40; Column 39, lines 40-50; Column 40, 
line 37 to Column 41, line 6; and Column 41, line 31 to Column 42, line 
31); 

Verifying, in the intermediary proxy server that the certificate is 
genuine, thereby belonging to the respective protection server and is 
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registered with the trusted third party (Column 4, lines 25-40; Column 39, 
lines 40-50; Column 40, line 37 to Column 41 , line 6; and Column 41 , line 
31 to Column 42, line 31); 

After confirmation that the certificate is genuine, allowing the 
service/information/content provider to retrieve end user data and 
personal profile data according to a policy setting and an end user privacy 
level over an API and a third communication protocol (Column 20, lines 1- 
28; and Column 51, lines 1-33). 

Regarding Claim 24, 

O'Neil discloses establishing an end user personal profile data 
security agreement between the intermediary proxy server and the 
protection server (Column 4, lines 25-40). 

Regarding Claim 29, 

O'Neil discloses that end user preferences (privacy levels) are 
stored in the end user station or in the intermediary proxy server, and in 
that they can be separately stored after confirmation of an agreement 
(Column 5, line 26 to Column 6, line 6; Column 6, lines 53-64; Column 35, 
lines 18-31 and Column 47, line 48 to Column 48, line 34). 

Regarding Claim 30, 

O'Neil discloses providing an API at the protection server (Column 
41 , line 31 to Column 42, line 31 ; and Column 45, line 53 to Column 46, 
line 46); 
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Using the API for queries to the protection server from the 
service/information/content provider (Column 41, line 31 to Column 42, 
line 31; and Column 45, line 53 to Column 46, line 46); 

Providing responses over the third communication protocol to the 
service/information/content provider (Column 20, lines 1-28; and Column 
51, lines 1-33). 
Regarding Claim 31, 

O'Neil discloses storing data in a number of tables in the protection 
server relating to user specific data, end user personal profile data and 
statistical data (Column 17, line 14 to Column 18, line 42; and Column 54, 
line 44 to Column 55, line 45). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 21, 22, and 32 are rejected under 35 U.S.C. 103(a) as being 

unpatentable over O'Neil in view of Walker (U.S. Patent 5,884,272). 

Regarding Claim 21, 

O'Neil may not disclose that the end user specific data and end 

user personal profile data is provided to the service/information/content 
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provider in such a manner that the end user cannot be traced by the 
service/information/content provider. 

Walker, however, discloses that the end user specific data and end 
user personal profile data is provided to the service/information/content 
provider in such a manner that the end user cannot be traced by the 
service/information/content provider (Column 9, lines 26-39; Column 16, 
lines 33-57; and Column 19, lines 19-36). It would have been obvious to 
one of ordinary skill in the art at the time of applicant's invention to 
incorporate the anonymous communication techniques of Walker into the 
personal information security and exchange tool of O'Neil in order to allow 
the parties to remain anonymous, while still providing and/or obtaining 
useful information from the other party, as well as to allow the parties to 
disclose their identities only at a time that they see fit. 

Regarding Claim 22, 

O'Neil as modified by Walker discloses the system of claim 21 , in 
addition, Walker discloses that the protection server comprises means for 
pseudonymizing statistical information and personal profile information by 
using a unique pseudo for each URL of the service/information/content 
provider that is requested (Column 9, lines 26-39; Column 16, lines 33-57; 
and Column 19, lines 19-36). 

Regarding Claim 32, 
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O'Neil may not disclose pseudonymizing statistical data and profile 
information such that end user personal data cannot be associated or tied 
to the actual end user. 

Walker, however, discloses pseudonymizing statistical data and 
profile information such that end user personal data cannot be associated 
or tied to the actual end user (Column 9, lines 26-39; Column 16, lines 33- 
57; and Column 19, lines 19-36). It would have been obvious to one of 
ordinary skill in the art at the time of applicant's invention to incorporate 
the anonymous communication techniques of Walker into the personal 
information security and exchange tool of O'Neil in order to allow the 
parties to remain anonymous, while still providing and/or obtaining useful 
information from the other party, as well as to allow the parties to disclose 
their identities only at a time that they see fit. 

3. Claim 25 is rejected under 35 U.S.C. 103(a) as being unpatentable over O'Neil in 
view of P3P ("P3P 1.0: A New Standard in Online Privacy", 9/13/2000, pp. 1-6, obtained 
from http://web.archive.org/web/20010516173343/www.w3.org/P3P/brochure.html). 

O'Neil does not explicitly disclose that the agreement comprise a P3P 
agreement. 

P3P, however, discloses that the agreement comprises a P3P agreement 
(Pages 1-5). It would have been obvious to one of ordinary skill in the art at the 
time of applicant's invention to incorporate the privacy standard of P3P into the 
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personal information security and exchange tool of O'Neil in order to allow the 
system to interoperate with other privacy systems that implement the P3P 
standard. 



Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. "The Platform for Privacy Preferences 1.0 (P3P1.0) 
Specification", 12/15/2000, found online at http://www.w3.org/TR/2000/CR-P3P- 
20001215/. This reference has not been printed since it is large and not used in 
rejection. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jeffrey D. Popham whose telephone number is (571)- 

272- 7215. The examiner can normally be reached on M-F 9:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571)272-3865. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 

273- 8300. 



( 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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